net.wars: Data hogs

If a data point falls in the forest and there's no database to pick it up, is it still private?

There is a general view that people do not care about privacy, particularly younger people. They blog the names of all their favorite bands and best friends, post their drunken photographs on Facebook, and tell all of MySpace who they slept with last night. No one, the argument goes (in reality, 22 percent do), reads the privacy policies Web sites pay their lawyers to draw up so unreadably.

And yet the perception is wrong. People do, clearly, care about privacy – when the issues are made visible to them. Unfortunately, the privacy-invasiveness of a service, policy, or Web site usually only becomes visible after the horse has escaped and is comfortably grazing in the field of three-leaf clover.

A lot of this is, as Charles Arthur blogged recently in relation to the loss of the HMRC discs holding the Child Benefit database, an education issue: if we taught kids important principles of computer science, like security, privacy, and the value of data, instead of boring things like how to format an Excel spreadsheet, some of the most casual data violations wouldn't happen.

A lot of recent privacy failures seem to have happened in just this same unconscious way. Google's various privacy invasions, for example, seem to be a peculiarly geeky failure to connect with the general public's view of things. You can just imagine the techies at the Googleplex saying, "Oh, cool! Look, you can see right into the windows of those houses!" and utterly failing at simple empathy.

The continuing Facebook privacy meltdown seems to include the worst aspects of both the HMRC incident and Google's blind spot. If you haven't been following it, the story in brief is that Facebook created a new advertising program it calls Beacon, which collects tracking data from a variety of partner sites such as Blockbuster.com. Beacon then uses the data to display your latest purchases so your friends can see them.

The blind spot is, of course, the utter surprise with which the company greeted the discovery that people have all sorts of reasons why they don't want their purchase history displayed to their friends. They might be gifts for said friends.

The friends, as so often on Facebook and the other social networks, may not be really friends but acquaintances chosen to make you look well-connected, or relatives you assiduously avoid in real life. And even your closest real friends may prefer not to know too much about the porn DVDs you rent. American librarians are militant about protecting the reading lists of library patrons; Facebook would gleefully expose the books you buy. Facebook CEO Mark Zuckerberg can apologize all he wants, but his apparent surprise at the size of the fuss suggests he's as inexperienced at shopping as those women ahead of you in the grocery checkout who seem not to realize they'll need to pay until after everything's been bagged up.

What Facebook shares with HMRC, though, is the underlying principle that it's cheaper to send the full set of data and let the recipients delete what they don't want than to be selective. And so, as the story has developed, it turns out that all sorts of data are being sent to Facebook, some of them relating to non-users. Facebook simply deletes what it doesn't want, or so the company says.

Facebook was briefly defensive, then allowed users to opt out, and then finally allowed users to delete the thing entirely. But the whole episode highlights one of the very real problems with social network sites that net.wars first wrote about in connection with (the now more responsibly designed) Plaxo: they grow by getting people to invade their own and their friends' privacy. The Australian computer scientist and privacy advocate Roger Clarke, whose paper Very Black "Little Black Books" is the seminal work in this area, predicted in 2003 that the social networks' business models would force them to become extremely invasive. And so it has proved.

How do we make privacy a choice? We know people care about privacy when they can see its loss: the reactions to the Facebook and HMRC incidents have made that plain. Recent research by Lorrie Cranor at Carnegie Mellon (PDF) suggests, for example, that people's purchasing habits will change if you give them an easy-to-understand graphical representation of how well an ecommerce site's practices match their privacy preferences.

But visibility to users, helpful though it would be, is not the root of the problem. What privacy advocates need going forward is a way to persuade companies and governments to make privacy choices easy and visible when their mindset is to collect and keep all data, all the time. These organisations do not perceive giving users control over their privacy as being in their own best interests. Maybe plummeting stock prices and forced resignations, however brief, will get through to them.

But to keep their attention focused on building better systems that put the user in control, we need to make the consequences of getting it wrong constantly visible and easily interpretable to the data hogs themselves.